CWE-269


Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.


We have discovered 167,020 live websites that are affected by CWE-269.

CVEs

  • Count - 81



CWE-269 usage by Country

  • United States - 58,234 websites
  • Germany - 17,697 websites
  • France - 10,427 websites
  • Italy - 6,265 websites
  • GB - 6,076 websites
  • Spain - 4,883 websites
  • Brazil - 4,012 websites
  • Netherlands - 3,945 websites
  • Poland - 3,838 websites
  • Russia - 3,791 websites

CWE-269 usage by TLD

  • .com - 67,671 websites
  • .org - 9,294 websites
  • .de - 7,211 websites
  • .com.br - 5,538 websites
  • .it - 4,962 websites
  • .co.uk - 4,106 websites
  • .nl - 3,817 websites
  • .fr - 3,716 websites
  • .net - 3,481 websites
  • .com.au - 3,382 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-269

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Jun, 2025 | CVE-2025-4315 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated (Subscriber+) Privilege Escalation | 494 |
| May, 2025 | CVE-2025-29976 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | 3,592 |
| May, 2025 | CVE-2025-3852 | WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | 22 |
| May, 2025 | CVE-2025-4335 | Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation | 74 |
| Apr, 2025 | CVE-2025-2238 | Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax' | 34 |
| Apr, 2025 | CVE-2025-3761 | My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation | 101 |
| Apr, 2025 | CVE-2025-2563 | User Registration & Membership < 4.1.2 - Unauthenticated Privilege Escalation | 6,188 |
| Apr, 2025 | CVE-2025-2798 | Woffice <= 5.4.21 - Authentication Bypass via Registration Role | 499 |
| Apr, 2025 | CVE-2025-2237 | WP RealEstate <= 1.6.26 - Authentication Bypass via 'process_register' | 216 |
| Mar, 2025 | CVE-2025-29924 | XWiki uses the wrong wiki reference in AuthorizationManager | 59 |

List of the most common CVEs that are part of CWE-269

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Jul, 2024 | CVE-2024-37455 | WordPress Ultimate Addons for elementor plugin <= 1.36.31 - Privilege Escalation vulnerability | 26,976 |
| May, 2024 | CVE-2023-41955 | WordPress Essential Addons for Elementor plugin <= 5.8.8 - Contributor+ Privilege Escalation vulnerability | 22,627 |
| May, 2024 | CVE-2023-48757 | WordPress JetEngine plugin <= 3.2.4 - Privilege Escalation vulnerability | 18,986 |
| Jun, 2022 | CVE-2022-1654 | Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation | 18,090 |
| May, 2024 | CVE-2023-46145 | WordPress Themify Ultra theme <= 7.3.5 - Authenticated Privilege Escalation vulnerability | 13,085 |
| May, 2024 | CVE-2023-41954 | WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability | 10,944 |
| Aug, 2024 | CVE-2024-39634 | WordPress PowerPack Pro for Elementor plugin <= 2.10.14 - Contributor+ Privilege Escalation vulnerability | 9,195 |
| Jul, 2023 | CVE-2023-3460 | Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation | 6,565 |
| May, 2024 | CVE-2023-41665 | WordPress GiveWP plugin <= 2.33.0 - GiveWP Manager+ Privilege Escalation vulnerability | 6,441 |
| Apr, 2025 | CVE-2025-2563 | User Registration & Membership < 4.1.2 - Unauthenticated Privilege Escalation | 6,188 |
